Now Available:

line

Featured Resources:

line

Realtime Communities

line

Newsletter

Email Address:


line

Monthly Archives

line

RSS

line

Ask the Expert

Have a question for our resident expert? Email your questions to Rebecca.

« HIPAA: Report Shows Most Complaints Not Investigated | Main | PCAOB Formally Proposes New Auditing Standard for Section 404 of SOX »

Data Ransom Story: Crooks Targeting Small Businesses and Individuals

Yesterday USA Today ran a report, "Cybercrooks hold PC data captive."

This is nothing new, I blogged about this type of ransom scheme earlier this year. The crooks are getting more creative.

This latest report discusses how small businesses and individuals are being targeted.

"With ransomware, however, online crooks implant malicious computer code on websites in hopes of breaking into the PCs of consumers and remotely encrypting a victim's files and photographs. The thieves demand a ransom through an online-payment service such as PayPal or e-gold. According to security firm Websense, one recent victim was the tech administrator at a company in the Northeast. His PC was infected by malicious code, which scrambled company files. An e-mailed ransom note demanded $200 for the digital keys to unlock the files. The victim did not pay because he doubted his data would be returned even if he paid, says Dan Hubbard, vice president of security and research at Websense. Most of the stolen files were recovered from a backup disk, Hubbard says."

Indeed, smart admin! He:

1) Had a backup
2) Realized extortionists are crooks you don't want to trust to follow through on their word

A few lessons:

* Make backups often
* Keep sensitive and mission critical data encrypted on devices accessing the Internet
* Use firewalls on personal computers connecting to the Internet
* Try not to visit untrusted websites

Tags:                    
 Email This!  Digg it!  Sphere it!  Del.icio.us  Reddit!  Newsvine

Posted by Rebecca Herold on December 19, 2006 7:03 PM |

TrackBack

TrackBack URL for this entry:
http://www.realtime-itcompliance.com/type/mt-tb.cgi/263

Comments

Small businesses are a likely victim. Online criminals know that large enterprizes have entire IT departments installing software and monitoring any security holes... Small businesses, on the other hand, don't have such human or monetary resources to protect themselves.
It's ironic, though, because many SMBs might think that hackers will go for the "bigger fish in the sea", when they, themselves, are a much easier target.
Great job attracting attention to this very very important topic.

Posted by: Mila | December 20, 2006 4:57 PM

Post a comment

(All comments are approved by site leader before appearing here. Thanks for commenting!)

Search

line

Most Active Posts

line

Library Resources

line
line

Recent Posts

line

Categories

line

Rebecca Herold's Bio:

Rebecca Herold, CISSP, CIPP, CISM, CISA, FLMI, has been providing information security, privacy and regulatory assistance and services to organizations from a wide range of industries for the past two decades. Rebecca was instrumental in building the information security and privacy program while at Principal Financial Group, which was awarded the CSI Information Security Program of the Year Award in 1998. IT Security ranked Rebecca as one of the top 59 IT security influencers, and Computerworld put Rebecca their list of the world's best privacy experts and on their list of the best privacy consulting firms in both 2007 and 2008. Rebecca has been CPO for two consulting organizations, and has had her own information privacy, security and compliance business since 2004. Rebecca has written chapters for several books, dozens of articles, and has been writing a monthly privacy column for the CSI Alert newsletter since the beginning of 2001, and is working on her 13th book. Some of her other books include The Privacy Papers, Managing an Information Security and Privacy Awareness and Training Program, The Definitive Guide to Security Inside the Perimeter (Realtime Publishers), The Shortcut Guide to Improving IT Service Support through ITIL (Realtime Publishers), and The Practical Guide to HIPAA Privacy and Security Compliance. In addition, Rebecca is the leader of The Realtime IT Compliance Community where she posts to her IT Compliance weblog. You can contact Rebecca at: rebecca_herold@realtimepublishers.net.